DOCSLIB.ORG

Algorithms to Support the Evolution of Information Assurance Needs

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Algorithms to Support the Evolution of Information Assurance Needs Introduction For decades NSA has had the role of ensuring the security of National Secu- rity Systems (NSS). NSA’s Directorate of Research designs cryptographic algo- rithms, operating modes, and protocols for this purpose. More recent cultural changes at NSA include an increased reliance on commercial cryptographic technologies for securing NSS and a greater sensitivity to the need to be more transparent and open in our efforts. In 2013, NSA released a pair of algorithms—Simon and Speck—for the cryp- tographic community to analyze and review. The goal for Simon and Speck is to provide options that could enable future devices in highly constrained environments to be secured, in particular where current options are not viable, and where classified solutions are not possible. This look into NSA design efforts is significant and almost unprecedented, and we express our gratitude to the cryptographic and engineering community for their analysis of both the security and performance of Simon and Speck. To provide additional insight and to clarify the appropriate use of Simon and Speck, NSA has decided to publish this document providing some Simon and Speck background and answers to frequently asked questions. The evolution of Information Assurance Since its creation in 1952, NSA has maintained the responsibility of securing classified federal telecommunications. Through the decades, this mission has continuously progressed to keep pace with the evolution of technology and the subsequent expansion of the role of information security. As we consider the future of the NSA IA mission, we see yet another evolution in computing, communications, and networks, which drives new and expanding use of cryptography all around us. We are standing on the precipice of the Internet of Things (IoT) revolution, an explosion of connected devices that will profoundly affect our daily lives and change the way we interact with the physical world around us. The IoT expands the Internet into a network of smart objects (“things”) that have the ability to communicate with each other and with centralized resources. Prominent IoT technologies today include RFID, which is a key enabler of modern supply-chain management and industrial logistics, and wireless sensor networks, whose applications range from home automation to traffic control to medical monitoring. When we consider the rapid increase in connected devices, it is evident that we are facing unprecedented challenges to security and privacy. For very highly constrained applications, the chosen cryptographic algorithms must be efficient enough to fit within the scarce resources available. Research is currently under way in the growing field of “lightweight” cryptography that strives to protect communication in these environments where limited power, energy, chip area, RAM, ROM, etc. are available, without sacrificing security. To meet these challenges, NIST has recently announced their intention to create a portfolio of lightweight primitives. Algorithms will be recommended for use only in the context of profiles, which describe physical, performance, and security characteristics. These profiles are intended to capture cryptographic algorithm requirements imposed by devices and applications where lightweight cryptography is needed. NIST will develop these profiles based on community input about application and device requirements for lightweight cryptography. While this document focuses on the single aspect of encrypting data in con- strained devices and networks, it is important to remember that we face many IoT challenges. There is more research and discussion required, in particular to address the unique authentication requirements posed by constrained net- works and to consider algorithm agility, especially to manage the potential for unanticipated interoperability needs as networks grow. We welcome the sup- port and involvement of the full breadth of the cryptographic community as we work to address these additional, outstanding challenges. We aim to further the discussion of lightweight cryptography by proposing Simon and Speck be added to the set of options to consider for particular con- strained applications. Simon and Speck Simon and Speck each refer to a separate family of block ciphers. A block cipher is an encryption algorithm that allows parties already sharing a common secret key to securely encrypt blocks of data. Simon and Speck each support a variety of block and key sizes, so that an algorithm can be tailored to a particular application. More specifically, each of Simon and Speck is a family of lightweight block ci- phers, meaning they are tailored to be particularly efficient when implemented on extremely constrained platforms, such as RFID tags, sensor nodes, micro- controllers, and other resource-limited devices. It should be noted that while the field of lightweight cryptography includes many primitives, schemes, and protocols specifically designed for efficiency in constrained environments, more general purpose algorithms such as AES may be capable of meeting the needs of many constrained environment applications. The term “lightweight” does not refer to the security of an algorithm, but only to its suitability for use on highly constrained devices. Thus a secure lightweight block cipher with a given block and key size provides the same level of security as any other secure block cipher with that same block and key size. A key element of the design of Simon and Speck is their flexibility, i.e., their ability to perform well on a full range of hardware and software platforms, and to allow a spectrum of implementations from those with a very small footprint and correspondingly low throughput to those with high throughput and a correspondingly larger footprint. The aim is to support implementations on heterogeneous networks, where good performance may be necessary on many disparate sorts of devices. With that said, Simon is optimized for hardware applications and Speck for software applications. So for an application mostly on hardware (respectively software) devices, Simon (resp. Speck) is the best choice. The flexibility of Simon and Speck is a by-product of their simplicity. They are built using a set of very simple operations (AND, XOR, addition, circular shift) that can easily be performed on just about any device capable of computation. As originally defined, Simon and Speck offered a broad range of block and key sizes: block size key size 32 64 48 72, 96 64 96, 128 96 96, 144 128 128, 192, 256 When we consider potential NSS applications, Simon 128/256 and Speck 128/256, which act on 128-bit plaintext blocks using a 256-bit key, are the only suitable options. Full descriptions of the algorithms can be found at [BSS+13]. Simon and Speck FAQ Here follows an FAQ for the algorithms Simon and Speck. 1. General Questions How do Simon and Speck factor into NSA’s plans for constrained applications? NSA’s Directorate of Research designs cryptographic algorithms, operating modes, and protocols in support of NSA’s Information Assurance Mission to ensure the security of National Security Systems (NSS). It is likely that future NSS will include constrained, commercial devices. The goal of Simon and Speck is to provide options that could enable future devices to be secured, in particular where current options are not viable, and where classified solutions are not possible. Many lightweight block ciphers have been proposed, but often these block ciphers target a particular platform (often an ASIC). The aim of Simon and Speck is to provide strong performance on multiple platforms, including future, unforeseen platforms. NSA has offered Simon and Speck to the cryptographic community in the hope that they will prove useful to the development of a robust set of algorithms suited to the full array of future constrained applications. We look to NIST and input from NSS operators to help define the appropriate role each algorithm should play in this space. When should Simon and/or Speck be used? AES is the standard for National Security Systems. For most usages, lightweight cryptography is unnecessary, and one should implement AES-256. Interoperability is an important consideration, and is another reason to prefer AES-256. For some highly constrained applications, Simon or Speck may be the best op- tion. This can especially be the case for a closed system where interoperability is not an issue or for systems where interoperability is achieved by communica- tion with a more powerful device (which would be able to encrypt and decrypt using any number of supported algorithms, e.g. Simon,Speck, or AES). Defining the use cases where specifically tailored lightweight algorithms will be needed is a current topic of interest. A discussion of military IoT applica- tions, where lightweight cryptography may be appropriate, can be found here in Leveraging the Internet of Things for a More Efficient and Effective Military from the Center for Strategic and International Studies (CSIS). NIST is consider- ing applications of lightweight cryptography for sensor networks, healthcare, the smart grid, etc.; see NIST’s Lightweight Cryptography Project. NASA has expanding programs for extremely small satellites such as CubeSats which may have need for lightweight algorithms; see NASA’s definition of SmallSats and CubeSats. 2. Usage issues Are Simon and Speck interoperable? No. Different block ciphers do not interoperate. Thus data encrypted with Speck 128/256, for example, must be decrypted with Speck 128/256. Similarly, data encrypted with AES-256 must be decrypted with AES-256. How would Simon and Speck integrate into secure systems? When considering a new system design, it is important to remember that many factors come into play. Simon and Speck are cryptographic primitives that are meant to be used as components of highly constrained security systems. There is much in addition to the block cipher that is necessary to create a secure system. Key management is fundamental to secure systems, but is separate from the choice of block cipher used. Similarly, authentication remains an important issue for constrained systems as traditional solutions may impose undue burdens.
Recommended publications
  • Zero Correlation Linear Cryptanalysis on LEA Family Ciphers

    Zero Correlation Linear Cryptanalysis on LEA Family Ciphers

    Journal of Communications Vol. 11, No. 7, July 2016 Zero Correlation Linear Cryptanalysis on LEA Family Ciphers Kai Zhang, Jie Guan, and Bin Hu Information Science and Technology Institute, Zhengzhou 450000, China Email: [email protected]; [email protected]; [email protected] Abstract—In recent two years, zero correlation linear Zero correlation linear cryptanalysis was firstly cryptanalysis has shown its great potential in cryptanalysis and proposed by Andrey Bogdanov and Vicent Rijmen in it has proven to be effective against massive ciphers. LEA is a 2011 [2], [3]. Generally speaking, this cryptanalytic block cipher proposed by Deukjo Hong, who is the designer of method can be concluded as “use linear approximation of an ISO standard block cipher - HIGHT. This paper evaluates the probability 1/2 to eliminate the wrong key candidates”. security level on LEA family ciphers against zero correlation linear cryptanalysis. Firstly, we identify some 9-round zero However, in this basic model of zero correlation linear correlation linear hulls for LEA. Accordingly, we propose a cryptanalysis, the data complexity is about half of the full distinguishing attack on all variants of 9-round LEA family code book. The high data complexity greatly limits the ciphers. Then we propose the first zero correlation linear application of this new method. In FSE 2012, multiple cryptanalysis on 13-round LEA-192 and 14-round LEA-256. zero correlation linear cryptanalysis [4] was proposed For 13-round LEA-192, we propose a key recovery attack with which use multiple zero correlation linear approximations time complexity of 2131.30 13-round LEA encryptions, data to reduce the data complexity.
  • On the NIST Lightweight Cryptography Standardization

    On the NIST Lightweight Cryptography Standardization

    On the NIST Lightweight Cryptography Standardization Meltem S¨onmez Turan NIST Lightweight Cryptography Team ECC 2019: 23rd Workshop on Elliptic Curve Cryptography December 2, 2019 Outline • NIST's Cryptography Standards • Overview - Lightweight Cryptography • NIST Lightweight Cryptography Standardization Process • Announcements 1 NIST's Cryptography Standards National Institute of Standards and Technology • Non-regulatory federal agency within U.S. Department of Commerce. • Founded in 1901, known as the National Bureau of Standards (NBS) prior to 1988. • Headquarters in Gaithersburg, Maryland, and laboratories in Boulder, Colorado. • Employs around 6,000 employees and associates. NIST's Mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. 2 NIST Organization Chart Laboratory Programs Computer Security Division • Center for Nanoscale Science and • Cryptographic Technology Technology • Secure Systems and Applications • Communications Technology Lab. • Security Outreach and Integration • Engineering Lab. • Security Components and Mechanisms • Information Technology Lab. • Security Test, Validation and • Material Measurement Lab. Measurements • NIST Center for Neutron Research • Physical Measurement Lab. Information Technology Lab. • Advanced Network Technologies • Applied and Computational Mathematics • Applied Cybersecurity • Computer Security • Information Access • Software and Systems • Statistical
  • LEA 192: High Speed Architecture of Lightweight Block Cipher

    LEA 192: High Speed Architecture of Lightweight Block Cipher

    International Journal of Innovative Technology and Exploring Engineering (IJITEE) ISSN: 2278-3075, Volume-9 Issue-2S, December 2019 LEA 192: High Speed Architecture of Lightweight Block Cipher Zeesha Mishra, Shubham Mishra, Bibhudendra Acharya The communication among connected things must be secure Abstract: High-throughput lightweight cryptography and fast while processing confidential data. Due to a calculation is the need of the present world to convey between two substantial amount of sensitive and valuable data and low asset obliged devices Pipelining is the technique have been used computational resources in the network, it has become to achieve high throughput. In this paper we have target to cumbersome to provide security in the IoT[2]. lightweight block cipher LEA. Block size of LEA is 128 and key Resource-constrained applications comprising of sensor size 128, 192, and 256 bit. In this paper we have focus on LEA architecture for 192- bit key size and achieve very good nodes in wireless sensor networks, RFID tags require smaller throughput. This method has a higher capability of throughput as footprint with minimum battery consumption. compared to previous LEA ciphers. Proposed work is 56% LEA[3] is a lightweight block cipher. LEA has 128-bit improved version of compared paper for respective Speed and block size with 128, 192, 256-bit key sizes and rounds 24, 28 area also less than previous architecture. Graph representation and 32 respectively. LEA supports simple ARX (addition have been shown of different matrices and comparison. rotation XOR ) operation, LEA is not using complex S-box Keywords : ARX, Block Cipher, Cryptography, LEA, structure like AES [4] hence it will give high-speed Lightweight, Pipeline, Throughput.
  • State of the Art in Lightweight Symmetric Cryptography

    State of the Art in Lightweight Symmetric Cryptography

    State of the Art in Lightweight Symmetric Cryptography Alex Biryukov1 and Léo Perrin2 1 SnT, CSC, University of Luxembourg, [email protected] 2 SnT, University of Luxembourg, [email protected] Abstract. Lightweight cryptography has been one of the “hot topics” in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a “lightweight” algorithm is usually designed to satisfy. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (nist...) and international (iso/iec...) standards are listed. We then discuss some trends we identified in the design of lightweight algorithms, namely the designers’ preference for arx-based and bitsliced-S-Box-based designs and simple key schedules. Finally, we argue that lightweight cryptography is too large a field and that it should be split into two related but distinct areas: ultra-lightweight and IoT cryptography. The former deals only with the smallest of devices for which a lower security level may be justified by the very harsh design constraints. The latter corresponds to low-power embedded processors for which the Aes and modern hash function are costly but which have to provide a high level security due to their greater connectivity. Keywords: Lightweight cryptography · Ultra-Lightweight · IoT · Internet of Things · SoK · Survey · Standards · Industry 1 Introduction The Internet of Things (IoT) is one of the foremost buzzwords in computer science and information technology at the time of writing.
  • Tongan Ways of Talking

    Tongan Ways of Talking

    TONGAN WAYS OF TALKING MELENAITE TAUMOEFOLAU University of Auckland Some excellent work has been published on Tongan speech levels from a sociolinguistic perspective (e.g., Philips 1991). The purpose of this article is to contribute to the literature by describing some important, not previously well-described features of ways of talking (WOT) in Tongan. I will use as my theoretical framework George Grace’s theory of language; he argued that a language is “a generalized way of talking about things” (Grace 1987: 99), a device for saying things, and it is, in turn, made up of “conventionalized ways of talking about consecrated subject-matters” (p. 103). In this article I will distinguish the following “ways of talking” (WOT):1 WOT 1. lea fakatu‘i—way of talking to or about the monarch/king (tu‘i) WOT 2. lea fakahouhou‘eiki—way of talking to or about chiefly people (hou‘eiki) WOT 3. lea fakamatäpule—polite way of talking that is characteristic of titled orators (matäpule) WOT 4. lea fakatökilalo / faka‘aki‘akimui—self-derogatory way of talking when addressing those of higher rank WOT 5. lea tavale—way of talking to a person with whom one is familiar or with whom one is socially equal, or way of talking to or about commoners (tu‘a) WOT 6. lea ‘ita—abusive way of talking Here I make four main claims about Tongan ways of talking: • The number of registers described for Tongan has been underestimated. I distinguish six (above) instead of the three that are traditionally described: of king—tu‘i, of chiefs—hou‘eiki, of commoners—tu‘a.
  • Partly-Pseudo-Linear Cryptanalysis of Reduced-Round SPECK

    Partly-Pseudo-Linear Cryptanalysis of Reduced-Round SPECK

    cryptography Article Partly-Pseudo-Linear Cryptanalysis of Reduced-Round SPECK Sarah A. Alzakari * and Poorvi L. Vora Department of Computer Science, The George Washington University, 800 22nd St. NW, Washington, DC 20052, USA; [email protected] * Correspondence: [email protected] Abstract: We apply McKay’s pseudo-linear approximation of addition modular 2n to lightweight ARX block ciphers with large words, specifically the SPECK family. We demonstrate that a pseudo- linear approximation can be combined with a linear approximation using the meet-in-the-middle attack technique to recover several key bits. Thus we illustrate improvements to SPECK linear distinguishers based solely on Cho–Pieprzyk approximations by combining them with pseudo-linear approximations, and propose key recovery attacks. Keywords: SPECK; pseudo-linear cryptanalysis; linear cryptanalysis; partly-pseudo-linear attack 1. Introduction ARX block ciphers—which rely on Addition-Rotation-XOR operations performed a number of times—provide a common approach to lightweight cipher design. In June 2013, a group of inventors from the US’s National Security Agency (NSA) proposed two families of lightweight block ciphers, SIMON and SPECK—each of which comes in a variety of widths and key sizes. The SPECK cipher, as an ARX cipher, provides efficient software implementations, while SIMON provides efficient hardware implementations. Moreover, both families perform well in both hardware and software and offer the flexibility across Citation: Alzakari, S.; Vora, P. different platforms that will be required by future applications [1,2]. In this paper, we focus Partly-Pseudo-Linear Cryptanalysis on the SPECK family as an example lightweight ARX block cipher to illustrate our attack.
  • Triathlon of Lightweight Block Ciphers for the Internet of Things

    Triathlon of Lightweight Block Ciphers for the Internet of Things

    Triathlon of Lightweight Block Ciphers for the Internet of Things Daniel Dinu, Yann Le Corre, Dmitry Khovratovich, Léo Perrin, Johann Großschädl, and Alex Biryukov SnT and CSC, University of Luxembourg Maison du Nombre, 6, Avenue de la Fonte, L–4364 Esch-sur-Alzette, Luxembourg {dumitru-daniel.dinu,yann.lecorre,dmitry.khovratovich,leo.perrin}@uni.lu {johann.groszschaedl,alex.biryukov}@uni.lu Abstract. In this paper we introduce a framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms. Our framework is able to evaluate the execution time, RAM footprint, as well as binary code size, and allows one to define a custom “figure of merit” according to which all evaluated candidates can be ranked. We used the framework to benchmark implementations of 19 lightweight ciphers, namely AES, Chaskey, Fantomas, HIGHT, LBlock, LEA, LED, Piccolo, PRE- SENT, PRIDE, PRINCE, RC5, RECTANGLE, RoadRunneR, Robin, Simon, SPARX, Speck, and TWINE, on three microcontroller platforms: 8-bit AVR, 16-bit MSP430, and 32-bit ARM. Our results bring some new insights to the question of how well these lightweight ciphers are suited to secure the Internet of Things (IoT). The benchmarking framework provides cipher designers with an easy-to-use tool to compare new algorithms with the state-of-the-art and allows standardization organizations to conduct a fair and consistent evaluation of a large number of candidates. Keywords: IoT, lightweight cryptography, block ciphers, evaluation framework, benchmarking. 1 Introduction The Internet of Things (IoT) is a frequently-used term to describe the currently ongoing evolution of the Internet into a network of smart objects (“things”) with the ability to communicate with each other and to access centralized resources via the IPv6 (resp.
  • The Summation-Truncation Hybrid: Reusing Discarded Bits for Free

    The Summation-Truncation Hybrid: Reusing Discarded Bits for Free

    The Summation-Truncation Hybrid: Reusing Discarded Bits for Free Aldo Gunsing and Bart Mennink Digital Security Group, Radboud University, Nijmegen, The Netherlands [email protected], [email protected] Abstract. A well-established PRP-to-PRF conversion design is trun- cation: one evaluates an n-bit pseudorandom permutation on a certain input, and truncates the result to a bits. The construction is known to achieve tight 2n−a=2 security. Truncation has gained popularity due to its appearance in the GCM-SIV key derivation function (ACM CCS 2015). This key derivation function makes four evaluations of AES, truncates the outputs to n=2 bits, and concatenates these to get a 2n-bit subkey. In this work, we demonstrate that truncation is wasteful. In more detail, we present the Summation-Truncation Hybrid (STH). At a high level, the construction consists of two parallel evaluations of truncation, where the truncated (n − a)-bit chunks are not discarded but rather summed together and appended to the output. We prove that STH achieves a similar security level as truncation, and thus that the n − a bits of extra output is rendered for free. In the application of GCM-SIV, the current key derivation can be used to output 3n bits of random material, or it can be reduced to three primitive evaluations. Both changes come with no security loss. Keywords: PRP-to-PRF, Truncation, Sum of permutations, Efficiency, GCM-SIV 1 Introduction The vast majority of symmetric cryptographic schemes is built upon a pseu- dorandom permutation, such as AES [21]. Such a function gets as input a key and bijectively transforms its input to an output such that the function is hard to distinguish from random if an attacker has no knowledge about the key.
  • Linear Cryptanalysis of Reduced-Round SIMON Using Super Rounds

    Linear Cryptanalysis of Reduced-Round SIMON Using Super Rounds

    cryptography Article Linear Cryptanalysis of Reduced-Round SIMON Using Super Rounds Reham Almukhlifi * and Poorvi L. Vora Department of Computer Science, The George Washington University, Washington, DC 20052, USA; [email protected] * Correspondence: [email protected] Received: 5 March 2020; Accepted: 15 March 2020; Published: 18 March 2020 Abstract: We present attacks on 21-rounds of SIMON 32/64, 21-rounds of SIMON 48/96, 25-rounds of SIMON 64/128, 35-rounds of SIMON 96/144 and 43-rounds of SIMON 128/256, often with direct recovery of the full master key without repeating the attack over multiple rounds. These attacks result from the observation that, after four rounds of encryption, one bit of the left half of the state of 32/64 SIMON depends on only 17 key bits (19 key bits for the other variants of SIMON). Further, linear cryptanalysis requires the guessing of only 16 bits, the size of a single round key of SIMON 32/64. We partition the key into smaller strings by focusing on one bit of state at a time, decreasing the cost of the exhaustive search of linear cryptanalysis to 16 bits at a time for SIMON 32/64. We also present other example linear cryptanalysis, experimentally verified on 8, 10 and 12 rounds for SIMON 32/64. Keywords: SIMON; linear cryptanalysis; super round 1. Introduction Lightweight cryptography is a rapidly growing area of research, emerging to fill the need for securing highly-constrained devices such as RFID tags and sensor networks. The limited hardware and software resources require that the cryptographic primitives be highly efficient.
  • Giza and the Pyramids, Veteran Hosni Mubarak

    Giza and the Pyramids, Veteran Hosni Mubarak

    An aeroplane flies over the pyramids and Sphinx on the Giza Plateau near Cairo. ARCHAEOLOGY The wonder of the pyramids Andrew Robinson enjoys a volume rounding up research on the complex at Giza, Egypt. n Giza and the Pyramids, veteran Hosni Mubarak. After AERAGRAM 16(2), 8–14; 2015), the tomb’s Egyptologists Mark Lehner and Zahi Mubarak fell from four sides, each a little more than 230 metres Hawass cite an Arab proverb: “Man power during the long, vary by at most just 18.3 centimetres. Ifears time, but time fears the pyramids.” It’s Arab Spring that year, Lehner and Hawass reject the idea that a reminder that the great Egyptian complex Hawass resigned, amid armies of Egyptian slaves constructed the on the Giza Plateau has endured for some controversy. pyramids, as the classical Greek historian four and a half millennia — the last monu- The Giza complex Herodotus suggested. They do, however, ment standing of that classical-era must-see invites speculation embrace the concept that the innovative list, the Seven Wonders of the World. and debate. Its three administrative and social organization Lehner and Hawass have produced an pyramids are the Giza and the demanded by the enormous task of build- astonishingly comprehensive study of the tombs of pharaohs Pyramids ing the complex were key factors in creating excavations and scientific investigations Khufu, Khafre and MARK LEHNER & ZAHI Egyptian civilization. CREATIVE GEOGRAPHIC L. STANFIELD/NATL JAMES that have, over two centuries, uncovered Menkaure, also known HAWASS The authors are also in accord over a the engineering techniques, religious and as Cheops, Chephren Thames & Hudson: theory regarding the purpose of the Giza cultural significance and other aspects of and Mycerinus, 2017.
  • FPGA Modeling and Optimization of a SIMON Lightweight Block Cipher

    FPGA Modeling and Optimization of a SIMON Lightweight Block Cipher

    sensors Article FPGA Modeling and Optimization of a SIMON Lightweight Block Cipher Sa’ed Abed 1,* , Reem Jaffal 1, Bassam Jamil Mohd 2 and Mohammad Alshayeji 1 1 Department of Computer Engineering, Kuwait University, Safat 13060, Kuwait; [email protected] (R.J.); [email protected] (M.A.) 2 Department of Computer Engineering, Hashemite University, Zarqa 13115, Jordan; [email protected] * Correspondence: [email protected]; Tel.: +965-249-837-90 Received: 18 December 2018; Accepted: 18 February 2019; Published: 21 February 2019 Abstract: Security of sensitive data exchanged between devices is essential. Low-resource devices (LRDs), designed for constrained environments, are increasingly becoming ubiquitous. Lightweight block ciphers provide confidentiality for LRDs by balancing the required security with minimal resource overhead. SIMON is a lightweight block cipher targeted for hardware implementations. The objective of this research is to implement, optimize, and model SIMON cipher design for LRDs, with an emphasis on energy and power, which are critical metrics for LRDs. Various implementations use field-programmable gate array (FPGA) technology. Two types of design implementations are examined: scalar and pipelined. Results show that scalar implementations require 39% less resources and 45% less power consumption. The pipelined implementations demonstrate 12 times the throughput and consume 31% less energy. Moreover, the most energy-efficient and optimum design is a two-round pipelined implementation, which consumes 31% of the best scalar’s implementation energy. The scalar design that consumes the least energy is a four-round implementation. The scalar design that uses the least area and power is the one-round implementation.
  • Lab 6: Simon Cipher Encryption EEL 4712 – Fall 2019

    Lab 6: Simon Cipher Encryption EEL 4712 – Fall 2019

    Lab 6: Simon Cipher Encryption EEL 4712 – Fall 2019 Objective: The objective of this lab is to study the implementation of lightweight cryptographic ciphers using datapath and finite state machine. You will also learn how to instantiate and use memory components. Required tools and parts: QuartusII software package, ALTERA DE10-lite board. IP Used: An altsyncram IP component will be used in this lab. Also, a memory initialization file (in.mif, key.mif) will be used to initialize the memory values of the ROM and RAM. Discussion: Encryption is the process of using an algorithm (E) to encode a message (P) between two parties using a key (K). The output (C) should be undecipherable unless the secret key and encryption method are known to reverse the process. 퐸(푃, 퐾) → 퐶 퐸−1(퐶, 퐾) → 푃 Hardware encryption is favored over software implementations due to speed and protections from traditional attacks. Lightweight cryptographic block ciphers are designed to encrypt blocks of data in constrained applications such as embedded processors, internet-of-things (IoT), etc. In this lab, we will be implementing the Simon32/64 block cipher developed by the National Security Agency in 2013 [1]. Simon32/64 uses a block size of 32 bits and key size of 64 bits and word size of 16 bits for encryption and decryption. We will be implementing ENCRYPTION ONLY with 10 rounds. Pre-lab requirements: 1. Datapath Figure 1. Simon 32/64 Datapath 1 Lab 6: Simon Cipher Encryption EEL 4712 – Fall 2019 The datapath and control signals (blue) for Simon32/64 block cipher are shown in Fig.